How to denied all requests except some in Magento - magento

The question is not enough clear, so I will explain more.
My client has a requirement in mobile1 about the users all SHOULD not visit all request2
For example:
The users SHOULD: only visit some in below list:
mydomain.com/catalog/product/view
mydomain.com/cusotmer/account/any_action
mydomain.com/onepage/checkout/any_action
So, I am having a solution is at the method: Mage_Core_Controller_Varien_Action::preDispatch()
I will get the request variable to check what is moulde, controller, action. If it is valid in list, if not I will redirect to an accessed denied page.
I know that is bad, so I am looking for other solutions.
1: We've already designed a theme for mobile, just want to give for user some pages are necessary.
2: I mean to the router format: module/ controller/ action.
UPDATE:
Thanks all guys so much. Now, I understand what I need to do. I don't know how to close my question. So please help me if you can. I don't want to be a member who never accept the answer.

This is not good question which could be easy to answer, but very happy for help from #azakolyukin and #elgabbu
So, I think #azakolyukin's comment is correct answer.

Related

How can I filter on GA requests which contain "X-Purpose:preview" on the header?

Good morning and thanks in advance. My GA is going crazy because we are getting traffic from a source that "preloads" our pages for their users. This means that although not all of their users end up in our site, GA still counts each "prefetch" as a session of 1-2 seconds. I need to filter HTTP requests that contain "X-Purpose:preview" at the header but the current regular expression I am ussing is not working. As of now I put: Exclude Request URI and then this regex:
(X-Purpose:preview)
it is not working. Any help will be appreciated.
In case anyone out there is trying to solve this... I posted it on GA forum and seems there is no way to make this work. If anyone can think of a way to make it work I'd be immensely grateful: https://www.en.advertisercommunity.com/t5/Google-Analytics-Filters/How-can-I-filter-on-GA-requests-which-contain-X-Purpose-preview/m-p/1252519#

API Upload files with metadata

I'm looking for some guidance here.
Scenario:
I have a Post model with a polymorphic relation to a Comment model. Whenever I want to create a new comment for a given post I have the following endpoint:
$router->post('/posts/{post}/comments', 'PostsCommentsController#store');
So far so good. Now I want to add an Attachment model which will also be a polymorphic relation since I may need to add attachments to more things other than comments (ex: messages, etc).
My first idea was doing something in the lines of:
$router->post('/posts/{post}/comments/attachments', 'PostsCommentsAttachmentsController#store');
So the comment will belong to a post and will have an attachment.
This feels a bit "dirty" to me (especially the controller name) and the need of having 3 nested resources (maybe I'm just thinking too much).
Hope I was clear enough explaining my problem :)
Have anyone faced something like this before? How did you guys solve it?
Other approaches? Am I thinking completely wrong?
Open to ideas and suggestions :D
Thank you all.
I'd prefer Single Responsibility for each Controllers or route. So it's pretty clear what their actually do and handle. Let me give you example:
- Post
/posts -> list all post
/posts/{id} -> get specific post
/posts/{id}/comments -> get comments of the post
- Comment
/comments/{id} -> get specific comment
/comments/{id}/attacments -> get attacments of a comment
- Attachment
/attachment/{id} -> get specific attachment
For Controller name, just keep it simple. Just usePostController, CommentController and AttachmentController. It's quite clear I think.
After more researching, I actually realized that what I wanted to do was basically a file upload with metadata.
Came across this excellent post: HTTP/REST API File Uploads that explains it
PS: Thank you Dharma for the help and time.

magento How can I set a url request like this? 'baseurl/frontname/index.php?/param'

I need to make an action method that will receive a parameter in the url, perform a search and return an array. Anyway, that's not the problem. My problem is that I want a url like 'baseurl/frontname/param'. I don't know how to do this. I've already seem a Magento site performimg same operation with a url like 'baseurl/frontname/index.php?/param'. It's good for me too.
Can someone help me to realize it?

How to make the condition in magento?

Now, I want to output something when the user register my site, how to make the condition, namely:
If()
If the user register my site, then on the page echo something.eg:
When the user is not registered on my site, the page echo "test". If he is registered on my site, then echo "hello." But when he logged in my site the second time, the page should also echo "test".
How to make the condition. Thank you.
try this
if(Mage::helper('customer')->isLoggedIn()){
}
From my understanding capturing the login event could be useful for what you want to achieve. See this detailed tutorial on how to do something very similar to what you are trying. On this case they are offering a reward for first order a client has made.
I have struggling with a bigger task and one of my middle steps was to capture an event, wich I accomplished by following the previous posted link. It was very useful.
Here is one of my questions about the subjetct (capturing events and redirecting), maybe it can help you too.

Hiding the server function being called in an ajax request

please excuse me for asking this but I have no other option apart from asking you all.
I am using ajax to send some data to a function on the server which does something with the database and then returns some json data.
Now the question is if someone goes through my javascript he/she would come to know of the function on the server to which the data is being posted. for eg: I post some data to a server side function which resides at mysite/postdata.
Cant a person get access to this link and use it. I am sure there should be some way this can be avoided.. just that I dont know....
Since nobody's posted an answer with more detail.. Here's my comment from above:
Anything you put in JavaScript can and will be seen by users. You'll have to take measures to ensure that malicious users can't retrieve or insert data that they're not supposed to.

Resources